Christian Heimes added the comment: I'm -1 on the patch for a practical reason: The current API is broken and I don't want to have it documented as officially supported.
In fact it is not only broken but also incompatible with more modern releases of OpenSSL. Recently OpenSSL got proper implementation of hostname and IP checking. Hostname and IP must be set with different API calls: https://www.openssl.org/docs/manmaster/crypto/X509_VERIFY_PARAM_add1_host.html https://www.openssl.org/docs/manmaster/crypto/X509_check_host.html ---------- stage: resolved -> commit review versions: +Python 3.6 _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue23239> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
